Home » Computers & Electronics

Enterprise Rights Management

Ranked #31,516 in Computers & Electronics, #576,429 overall

Everything you need to know about Enterprise Rights Management and the benefits for business

Welcome to the Enterprise Rights Management space (Also known as Information Rights Management). Techies normally assume that everyone else understands the jargons we throw around. So what I intend to do through this lens is to explain what enterprise rights management is. I have been in IT for over 20 years and I always get great satisfaction from being able to explain any technology in simple terms such that the users or prospects can:-

1. Fully understand the technology in question.
2. Determine whether it is the right tool for them.

On most occasions it gives the users the confidence that they begin to know more about the technology and its application than the person who introduced it to them. This has a great advantage in that the prospect or client is confident about the technology they are going to adopt, which in turn helps them gain a competitive edge over their rivals.

So let's start with "What is Enterprise Digital Rights Management (E-DRM) or Enterprise Rights Management (ERM)?" Also called Information Rights Management (IRM). E-DRM has evolved from Digital Rights Management used to protect Music and Video from being copied illegally, although this was very unpopular with music lovers around the world.

E-DRM is a tool to help businesses and individuals safeguard confidential documents and intellectual property in electronic format persistently. For example a car manufacturing company will use E-DRM to protect the innovative design of car a component outsourced to another company for tooling. In the future the births and deaths registry will be able to send you an electronic copy of your birth certificate, which you can in turn send to anyone requiring it (how this will work will be discussed in a later posting).

E-DRM has been around for about 10 years and has highly developed market penetration in the Far East markets than in the American and European markets. The major players in the E-DRM marketplace are Adobe, Brainloop, EMC Documentum, Fasoo, GigaTrust, Liquid Machines, LockLizard, Microsoft, Oracle IRM, and Seclore Technology.

Persistent Security

The policy server enables you track the use of documentsThe core driver behind enterprise rights management is persistent security. This means that no matter where a file protected by enterprise rights management is located be it at rest (on a hard disk), in motion (attached to an email on route to a recipient) or in use (being read or edited), the security remains intact. It also means that as long as the policy to that file or document is maintained, it can only be accessed by authorised users and no one else, so if the file is forwarded to someone who does not have rights to that document it will remain inaccessible permanently.

This is a massive difference from full disk encryption or normal file encryption; in that once a file is decrypted it can be forwarded, edited and used in whatever manner the person in possession of the file desires. Apart from this there is no audit trail as to how the document or file is being used.

The beauty of enterprise rights management is that it cautions the recipient of the secured document to use the file with discretion knowing that there is an audit trail on the file.

Assigning Enterprise Rights Management Properties To A File

Locking down your confidential information.When you secure a file with enterprise rights management, the term used is called "package". You can also "unpackage" a file i.e. remove the encryption if you want to, but this feature will be used with caution. The "unpackaging" can only be granted by the owner who created the policy for the document. There are other permission settings that the administrator or owner of the document can set are:-

  • Read Permission: This feature enables the recipient to read the content of the document.

  • Edit Permission: This feature enables the recipient to edit and save the content of the document.

  • Print Permission: This feature enables or disables printing and all printing shortcuts.

  • Screen Capture Permission: This setting should block all known third-party screen-capture tools and Print Screen function of Windows.
Even the attempts are blocked to capture screens through virtual machine or remote access tool. However, screen capture is a very useful tool sometimes, for example, if you are making a product demonstration kit with screenshots. This should only block the window of secured document, not the whole screen.

Apart from the normal permission settings, some Enterprise DRM software vendors offer advanced settings on how a document is managed. This should be part of the criteria that executives involved in the software buying decision should consider before giving the green light.

  • Offline Access: This allows the document to be used even without connection to the DRM Server. A way of supporting offline access is issuing a special offline License with time limit. This feature is very useful when users travel where network is not available. To avoid the abuse of this feature, an approval process may be required prior to issuing such a special offline License.

  • Valid count of machine access: This feature determines the number of computers that a DRM-enabled document can be opened from. The aim is to restrict circulation of the document by circumventing the normal authentication process.

  • Valid count of views: This advance setting determines how many times a document can be opened for viewing.

  • Duration of document access: This feature sets a period from which the user can view the DRM-enabled document. Anytime before or after the date and time setting, the document will remain inaccessible.

  • Authentication prior to first use: This setting ensures that the document is being accessed by the intended person.

  • Access notification: This setting notifies the owner of the DRM-enabled document whenever the document is accessed. It can be set to notify every time the document is accessed or only on the first occasion.
By now you should begin to have an idea what enterprise rights management is all about and the features that is should contain. As enterprise rights management begins to mature, the capabilities and features will continue to grow to accommodate the increasing demands of the customer.

Tamper Proof Properties

The security provided by enterprise rights management makes documents tamper proofFor Enterprise Rights Management to work properly it must be tamper proof. This means that it must be impossible for users and hackers to circumvent any security features that make it a rights management tool. So what are these features?

Copy and Paste:
The windows clipboard must be controlled to prevent copy and paste from a DRM-enabled document to a plain document if the user's permission does not grant editing rights. Even when the user's permissions for copy and paste is allowed, the destination document must inherit the DRM properties of the source document automatically. This prevents secured data from becoming unsecured with the possibility of the data getting in front of wrong eyes.

Export:
There are several ways to export the content of a file such as, "print as a file", and "export content in other formats". Enterprise rights management should encrypt all exported files, which inherit the policy of source documents.

Trusted Clock:
If you remember in my previous post, I mentioned duration of access to a DRM protected document as an advanced setting. For this to work they needs to be a dependency on a trusted clock, rather than relying on local PC clock to prevent circumventing this setting.

Blocking Screen Capture:
Attempts to use third-party screen-capture tools and print screen functions should be prevented. Even attempts to capture screens through virtual machine or remote access tool are blocked. Blocking should only be on the window of secured document, not the whole screen. Another approach is to use a blacklist feature which prevents the launching of targeted blacklisted applications that could be used to capture protected information.

Some Typical Enterprise Rights Management Applications

The list below is not conclusive, but the aim is to give you some ideas as to how you can use enterprise rights management to protect confidential information and intellectual design.
  • Sending an excel file with financials for management approval
  • Reviewing a CAD technical design with the engineering design team and external tooling business partner
  • Sharing a new logo design in a JPG format with a focus group for comments.
  • Bank wants to help customers protect their electronic statements that have been downloaded from its website to ensure that the PDF is persistently secure and can only be accessed by the account owner.
  • Forwarding Microsoft Office or Open Office documents regarding a proposed take over bid for for editing and concerned about screen capture programs.
  • Physician needs to transmit urgent patient information to hospital systems ensuring transfer of all data complies with HIPAA privacy regulations
  • Law firm needs to send draft contract on a business deal to its client for approval before final contract is drawn.

Enterprise Digital Rights Management Blog

All you ever wanted to know about Enterprise Rights Management including types, vendors, applications etc.
Loading

Enterprise Rights Management Page Poll

Loading poll. Please Wait...

Enterprise Rights Management Reader Feedback

Hope my Enterprise Rights Management lens helped you! Please leave a comment below, if you desire!

Show All

by

enterprisedrm

I am a solutions-focused IT professional with strong business analysis skills and demonstrated experience in delivering on multiple complex projects t... more »

Feeling creative? Create a Lens!

Related Tags